IT Employment

General discussion

Active Directory - Planning stage - OU's

I work for a multinational organisation.We are one company(as oppsed to a comglomorate) with around 20 offices in Europe and Japan(500 users).Each country is using their own language for the desktop OS's(2000, xp). Currently each office is a single NT4 domain(no trusts). I am playing with different AD models and am leaning towards the geographical approach but was wondering a few things.

1. Would it be a good idea to have an OU for each Country and under that an OU for each City? This would be useful as we do have an administrator in each country, but is this just adding a layer too many? (I could easily just make the admin guy the administrator of which ever city in that country)

2. Do any of you (with multinationals) use a OU based on Language? Is it useful?

All Comments

Active Directory Configuration

Devising one OU per country and one OU per city, may work for you or it may not.

Some nations/confederacies (US, EU, etc) require data security and separation to protect end user data. You should check with your legl departments to see if there are any concerns.

While most believe that the domain is the boundary security model, this is not actually true in Active Directory. Since all domains have a trust automatically between each other, the true security boundary is the forest. Thus, if you have a requirement for physically or logically secure data, you are truly looking at separate forests.

If you do plan to implement multi-language OU capability into the forest, that you do organize by nation and city. However, this may well cause issues in some nations where citizens are multi-lingual. An example would be Canada where both French and English are naturally spoken depending on the area in which you are located. I can see potential issues if a client from the Ontario office visits the Quebec office.

Also, having a deep OU structure will also complicate security modeling. You will need to have a very deep understanding of Group Policy Objects to successfully implement this design. And your support personnel will require training in supporting this design.

Start or search

Create a new discussion

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Post type

Subject title

Topic Tags

Select up to 3 tags (1 tag required)

Cloud

Piracy

Security

Apple

Microsoft

IT Employment

Google

Open Source

Mobility

Social Enterprise

Community

Smartphones

Operating Systems

Windows

Mac

Malware

Tablets

Networking

Browser

Hardware

Software

Web Developerment

Linux

Off Topic

Message Body

Track this discussion and email me when there are updates

Please note: Do not post advertisements, offensive material, profanity, or personal attacks. Please remember to be considerate of other members. If you're new to the TechRepublic Forums, please read our TechRepublic Forums FAQ. All submitted content is subject to our Terms Of Use.